On Tue, Dec 20, 2016 at 11:31:57AM +0100, Jiri Kosina wrote: > On Tue, 20 Dec 2016, Jiri Kosina wrote: > > > I stay totally unconvinced that such kind of countermeasure brings any > > value whatsoever. Could you please bring up a particular usecase, where > > you have complete control over kernel memory, and still the only > > possible exploit factor is redirecting usermodhelper? It feels like > > rather random shot into darkness. > > If we want to make usermod helper really secure, perhaps the best way to > go would be to completely nuke it and handle everyhting in udev; that'd be > quite some work though, especially so that we don't break all the corner > cases of module autoloading (request_module() and such).
In talking about this with others, I like Neil's approach of just calling out to a statically-defined single binary to handle all of the specifics. Using something like busybox/toybox to handle any usermode helper issues would be a very simple way to deal with this on a large number of systems (i.e. embedded devices / phones / chromebooks). After I return from vacation, I'll respin this series based on that idea and repost it. thanks, greg k-h